Warrantless Cellphone Searches Illegal, Supreme Court Rules

Supreme Court bars police from searching data on an individual's cellphone without a warrant.

In a unanimous ruling that extends privacy protections to include the smartphones owned by the majority of Americans, the Supreme Court ruled Wednesday that police need warrants to search cellphones of individuals they arrest.

The 9-0 decision extends Fourth Amendment protections to Americans' cellphones that store myriad data on their personal lives, such as their contacts, correspondence, and financial data.

Chief Justice John G. Roberts Jr. minced no words in what he wrote on behalf of the court. "Our answer to the question of what police must do before searching a cellphone seized incident to an arrest is accordingly simple -- get a warrant."

Smartphones "are not just another technological convenience," Roberts wrote on behalf of the court, but one that, because of their impressive storage capacity and their ability to store details of one's personal life, is "worthy of the protection for which the Founders fought."

The Fourth Amendment to the US Constitution prohibits unreasonable searches and seizures and requires police to obtain a warrant, judicially sanctioned and supported by probable cause, before accessing such information for prosecutorial purposes.

The court heard arguments in April on two cases regarding the issue: Riley v. California (13-132) and US v. Wurie (13-212).

In the first case, police in 2009 used various files on the smartphone of David Riley, without first obtaining a warrant, to convict Riley on a variety of charges, including attempted murder. Riley was sentenced to 15 years to life in prison. A California Appeals Court upheld the conviction, stating that none of the data extracted from the phone required a warrant.

In the second case, police in 2007 searched without a warrant the call log on the flip phone of suspected Boston drug dealer Brima Wurie to identify the location of his apartment and conduct a raid that produced drugs, cash, and a weapon. Wurie was convicted by a federal judge on gun and drug crimes, but a federal appeals court reversed the decision, finding that police should have obtained a warrant.

"The police generally may not, without a warrant, search digital information on a cellphone seized from an individual who has been arrested," Roberts wrote.

The justices noted that a search of digital information on a cellphone jeopardizes personal privacy to a degree "substantially greater" than a brief physical search at time of arrest.

Primary exemptions to obtaining a warrant at time of arrest have historically fallen under the landmark case of Chimel v. California, in which warrantless searches at time of arrest might be allowed for reasons of officer safety or to prevent the destruction of evidence, noted Roberts.

"The digital data stored on cellphones does not present either Chimel risk," he wrote. "To the extent that cellphone data might warn officers of an impending danger, e.g., that the arrestee's confederates are headed to the scene, such a concern is better addressed through consideration of case-specific exceptions to the warrant requirement, such as exigent circumstances," he wrote.

As for the matter of whether cellphone data is vulnerable to remote wiping and data encryption, Roberts wrote, "The briefing also gives little indication that either problem is prevalent or that the opportunity to perform a search incident to arrest would be an effective solution. And, at least as to remote wiping, law enforcement currently has some technologies of its own for combating the loss of evidence."

The Chief Justice noted the unprecedented storage capacity of the modern smartphone and the "interrelated consequences" such capacity holds for privacy: The device collects in one place many different types of information, the storage capacity of the device conveys far more than previously possible about an individual's private life from one source of information than previously possible, and the data stored on the device can stretch back to the purchase of the device -- and in some situations, even earlier.

He noted the rapid adoption of smartphones and the central role they now play in the daily lives of Americans. "A smartphone of the sort taken from Riley was unheard of 10 years ago; a significant majority of American adults now own such phones."

Cloud computing has been endorsed by everyone from the president on down as a key way to make government IT more efficient and responsive. Planning a move should be on every agency's to-do list. Get the Gov Cloud: Executive Initiatives, Enterprise Experience report today (registration required).

William Welsh is a contributing writer to InformationWeek Government. He has covered the government IT market since 2000 for publications such as Washington Technology and Defense Systems. View Full Bio

I'll go one further and say that it should apply to any information device be it a cell phone, laptop, email (encrypted or not) note pad, post it notes, etc. If law enforcement approaches an individual because they are actively committing a crime, it should never have been OK to dig through personal information in an attempt to implicate someone in a crime. Now if you happen to have a hand written check list sitting on your dash that says 1. buy ski mask 2. buy gun 3. rob bank 4. get away and a police officer sees it out in the open in the course of a traffic stop that's one thing, taking your cell phone from you and looking through everything to see if they can trap you with anything is another.

This is excellent, no searching cell phones without a warrant, it should really be expanded to any encrypted personal data like emails that use auto encryption or just data on your computer or laptop that is encrypted with http://www.appincredible.com/online/encryption/ or other encryption tools.

The two are apples and oranges, I think, as the NSA operates under a whole different rulebook from local police, ultimate constitutional basis aside. I hadn't though about the idea that if I were arrested and my phone taken that I could have a partner remotely wipe it. That's certainly very feasible -- perhaps drug cartels will start buying MDM systems and containerizing their dealers' devices.

I wonder how this will affect the snooping performed by organisations like the NSA? Surely if a warrant is required, its mass collection of data would be compromised. I could see it still being able to harvest metadata, but raw information would be much harder to come if a warrant was needed in every case.

To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.

Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.